govuk-one-login · Louisasa · Oct 29, 2025 · Oct 15, 2025 · Oct 15, 2025 · Oct 15, 2025
@@ -77,8 +77,6 @@ resource "aws_api_gateway_deployment" "frontend_deployment" {
       module.processing-identity.method_trigger_value,
       module.orch_auth_code.integration_trigger_value,
       module.orch_auth_code.method_trigger_value,
-      module.identity_progress.integration_trigger_value,
-      module.identity_progress.method_trigger_value,
       module.mfa_reset_storage_token_jwk.integration_trigger_value,
       module.mfa_reset_storage_token_jwk.method_trigger_value,
       module.reverification_result.integration_trigger_value,

@@ -1,20 +1,3 @@
-data "aws_iam_policy_document" "api_gateway_can_assume_policy" {
-  version = "2012-10-17"
-
-  statement {
-    effect = "Allow"
-    principals {
-      identifiers = [
-        "apigateway.amazonaws.com"
-      ]
-      type = "Service"
-    }
-
-    actions = [
-      "sts:AssumeRole"
-    ]
-  }
-}
 
 resource "aws_api_gateway_rest_api" "di_authentication_api" {
   name           = "${var.environment}-di-authentication-api"
@@ -104,8 +87,6 @@ resource "aws_api_gateway_deployment" "deployment" {
       module.authentication_callback.integration_trigger_value,
       module.authentication_callback.method_trigger_value,
       var.use_robots_txt ? aws_api_gateway_integration_response.robots_txt_integration_response[0].response_templates : null,
-      jsonencode(aws_api_gateway_integration.orch_frontend_nlb_integration),
-      jsonencode(aws_api_gateway_method.orch_frontend_proxy_method),
       var.orch_openid_configuration_enabled,
       var.orch_doc_app_callback_enabled,
       var.orch_token_enabled,
@@ -216,24 +197,6 @@ resource "aws_cloudwatch_log_subscription_filter" "oidc_waf_log_subscription" {
   }
 }
 
-resource "aws_cloudwatch_log_group" "orch_frontend_authorizer_logs" {
-  name              = "/aws/lambda/${aws_lambda_function.orch_frontend_authorizer.function_name}"
-  kms_key_id        = data.terraform_remote_state.shared.outputs.cloudwatch_encryption_key_arn
-  retention_in_days = var.cloudwatch_log_retention
-}
-
-resource "aws_cloudwatch_log_subscription_filter" "authorizer_log_subscription" {
-  count           = length(var.logging_endpoint_arns)
-  name            = "orch-frontend-authorizer-log-subscription"
-  log_group_name  = aws_cloudwatch_log_group.orch_frontend_authorizer_logs.name
-  filter_pattern  = ""
-  destination_arn = var.logging_endpoint_arns[count.index]
-
-  lifecycle {
-    create_before_destroy = false
-  }
-}
-
 resource "aws_api_gateway_stage" "endpoint_stage" {
   deployment_id = aws_api_gateway_deployment.deployment.id
   rest_api_id   = aws_api_gateway_rest_api.di_authentication_api.id
@@ -755,71 +718,6 @@ EOF
   ]
 }
 
-resource "aws_api_gateway_resource" "orch_frontend_resource" {
-  count       = var.orch_frontend_api_gateway_integration_enabled ? 1 : 0
-  rest_api_id = aws_api_gateway_rest_api.di_authentication_api.id
-  parent_id   = aws_api_gateway_rest_api.di_authentication_api.root_resource_id
-  path_part   = "orch-frontend"
-}
-
-resource "aws_api_gateway_resource" "orch_frontend_resource_proxy" {
-  count       = var.orch_frontend_api_gateway_integration_enabled ? 1 : 0
-  rest_api_id = aws_api_gateway_rest_api.di_authentication_api.id
-  parent_id   = aws_api_gateway_resource.orch_frontend_resource[0].id
-  path_part   = "{proxy+}"
-}
-
-resource "aws_api_gateway_method" "orch_frontend_proxy_method" {
-  count       = var.orch_frontend_api_gateway_integration_enabled ? 1 : 0
-  rest_api_id = aws_api_gateway_rest_api.di_authentication_api.id
-  resource_id = aws_api_gateway_resource.orch_frontend_resource_proxy[0].id
-  http_method = "ANY"
-
-  depends_on = [
-    aws_api_gateway_resource.orch_frontend_resource_proxy
-  ]
-  authorization = "CUSTOM"
-  authorizer_id = aws_api_gateway_authorizer.orch_frontend_authorizer.id
-
-  request_parameters = {
-    "method.request.path.proxy" = true
-  }
-}
-
-data "aws_cloudformation_stack" "orch_frontend_stack" {
-  count = var.orch_frontend_api_gateway_integration_enabled ? 1 : 0
-  name  = var.environment == "sandpit" ? "dev-orch-fe-deploy" : "${var.environment}-orch-fe-deploy"
-}
-
-locals {
-  nlb_dns_name = length(data.aws_cloudformation_stack.orch_frontend_stack) > 0 ? data.aws_cloudformation_stack.orch_frontend_stack[0].outputs["OrchFrontendNlbDnsName"] : null
-  nlb_arn      = length(data.aws_cloudformation_stack.orch_frontend_stack) > 0 ? data.aws_cloudformation_stack.orch_frontend_stack[0].outputs["OrchFrontendNlbArn"] : null
-}
-
-resource "aws_api_gateway_vpc_link" "orch_frontend_nlb_vpc_link" {
-  count       = var.orch_frontend_api_gateway_integration_enabled ? 1 : 0
-  name        = "orch-frontend-nlb-vpc-link"
-  target_arns = [local.nlb_arn]
-}
-
-resource "aws_api_gateway_integration" "orch_frontend_nlb_integration" {
-  count       = var.orch_frontend_api_gateway_integration_enabled ? 1 : 0
-  rest_api_id = aws_api_gateway_rest_api.di_authentication_api.id
-  resource_id = aws_api_gateway_resource.orch_frontend_resource_proxy[0].id
-  http_method = aws_api_gateway_method.orch_frontend_proxy_method[0].http_method
-
-  type                    = "HTTP_PROXY"
-  uri                     = "http://${local.nlb_dns_name}/orch-frontend/{proxy}"
-  integration_http_method = "ANY"
-
-  connection_type = "VPC_LINK"
-  connection_id   = aws_api_gateway_vpc_link.orch_frontend_nlb_vpc_link[0].id
-
-  request_parameters = {
-    "integration.request.path.proxy" = "method.request.path.proxy"
-  }
-}
-
 resource "aws_api_gateway_resource" "orch_openid_configuration_resource" {
   count       = var.orch_openid_configuration_enabled ? 1 : 0
   rest_api_id = aws_api_gateway_rest_api.di_authentication_api.id

@@ -74,8 +74,6 @@ is_orch_stubbed = true
 
 contra_state_bucket = "di-auth-development-tfstate"
 
-orch_frontend_api_gateway_integration_enabled = false
-
 orch_redirect_uri = "https://oidc.authdev1.sandpit.account.gov.uk/orchestration-redirect"
 
 authorize_protected_subnet_enabled = true

@@ -61,8 +61,6 @@ reauth_enter_auth_app_code_count_ttl      = 120
 reauth_enter_sms_code_count_ttl           = 120
 
 
-orch_frontend_api_gateway_integration_enabled = false
-
 orch_redirect_uri = "https://oidc.authdev3.dev.account.gov.uk/orchestration-redirect"
 
 authorize_protected_subnet_enabled = true